Security

Extras

eBay 'Please Confirm Your Identity' Phishing Scam

OutlineEmail, purporting to be from eBay, claims that the user has tried to sign in from an unfamiliar computer and must therefore confirm his or her identity by clicking a link in the message.

Brief Analysis
The email is not from eBay. The message is designed to trick eBay users into divulging their account login details to Internet criminals. The criminals have used a standard security protocol sometimes used by eBay as a means of making their false claims seem more legitimate.

You're signing in from a computer we're not familiar with. That's no problem, but we need to take a few moments just to make sure no one is trying to access your account without permission.
Please log in to your account and complete the form on the next page.
[Link to bogus website removed]

Regards
eBay

Detailed Analysis
This email, which purports to be from eBay, claims that the recipient has attempted to login to his or her eBay account from a computer that eBay is not familiar with. Supposedly, eBay therefore needs to confirm the user's identity to ensure that the account is not being accessed without the user's permission. To confirm his or her identity, the user is instructed to login to the eBay account and complete by clicking a ink in the message.

However, the message is not from eBay and the link in the email does not lead to an eBay identity confirmation page as expected. In fact, the link opens a bogus webpage designed to closely resemble a genuine eBay login page. When the victim has entered his or her username and password on the fake page, a new page will appear that asks for the answer to the security question attached to the account as well as the user's email address. After supplying this information, the victim will see a final message noting that he or she has successfully confirmed his or her identity. The victim will then be redirected to the genuine eBay website.

Of course, the login credentials and other information submitted on the fake website can be collected by the criminals operating the scam and subsequently used to hijack the account. Once they have gained access to the compromised account, the criminals can lock out the real user by changing the account password, steal personal and financial information from the account and use it to conduct further fraudulent activities in the victim's name.

The link in the email uses HTML to make it appear that it points to a genuine eBay web address. Moreover, to further the illusion of legitimacy, the scammers have copied the text of a standard security protocol message that is sometimes employed by eBay to protect user accounts.

Because it conducts its business online, eBay and sister company Paypal are continually targeted by online scammers. New phishing scam variations that target eBay users are regularly distributed. Be wary of any eBay message that asks you to click a link or open an attachment and supply personal or financial information. eBay has published information telling users how to avoid becoming a victim of such phishing scams.